Research projects

Enabling Zero Trust architectures using OAuth2.0 and Verifiable Credentials

project logo

Enabling Zero Trust Architectures using OAuth2.0 and Verifiable Credentials (ZeroTrustVC) implements Authentication and Authorization for HTTP-based resources using JWT-encoded Verifiable Credentials.
ZeroTrustVC is based on the research paper Capability-based access control for multi-tenant systems using OAuth 2.0 and Verifiable Credentials by N. Fotiou, V.A. Siris, G.C. Polyzos, appeared in 30th International Conference on Computer Communications and Networks (ICCCN).
ZeroTrustVC facilitates capabilities-based access control, supports efficient VC revocation, and enables "strong authentication and authorization of every access request" enabling resource access over public, untrusted networks, aka Zero -Trust Architectures (ZTAs).
Project outcomes

  • N. Fotiou, E. Faltaka, V. Kalos, A. Kefala, I. Pittaras, V. A. Siris, G. C. Polyzos, "Continuous authorization over HTTP using Verifiable Credentials and OAuth 2.0", in Open Identity Summit 2022 (OID2022), 2022 Download
  • N. Fotiou, V. A. Siris, G. C. Polyzos, Y. Kortesniemi, D. Lagutin, "Capabilities-based access control for IoT devices using Verifiable Credentials", in IEEE Symposium on Security and Privacy Workshops, Workshop on the Internet of Safe Things (SafeThings), 2022 Download

Final Project Demo

Midterm Project Demo